[docker-up] Auto-login dockerd if GITPOD_IMAGE_AUTH is set

[geropl]

Description

So far GITPOD_IMAGE_AUTH had two issues:

1. it was not present in the default env in terminals, although it was present in gp env
2. it was used for pulling docker images in image builder, but not used in workspaces to authenticated the docker daemon

This PR fixes both issues, by introducing a project-level opt-in toggle to enable auto-login of dockerd if GITPOD_IMAGE_AUTH is specified.

Related Issue(s)

Fixes CLC-1098

Docs PR: https://github.com/gitpod-io/website/pull/5170

Prior PRs:

• [docker-up] Auto-login if GITPOD_IMAGE_AUTH is set #20545
• [docker-up] Auto-login if GITPOD_IMAGE_AUTH is set #20571

How to test

• join this org
• start a workspace, and note:
  • env | grep GITPOD_IMAGE_AUTH is not empty ✔️
  • docker pull geropl/workspace-base-3:latest "just works" ™️ ✔️
  • test gp validate:
    • change first line in .gitpod.yml to image: geropl/workspace-base-3:latest
    • hit gp validate and note how it successfully pulls the base image ✔️

Documentation

Preview status

gitpod:summary

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• /werft preemptible
  Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
golang/github.com/rootless-containers/[email protected] 🔁 golang/github.com/rootless-containers/[email protected]	None	0	247 kB
golang/github.com/spf13/[email protected]	eval, filesystem, network, unsafe	0	323 kB
golang/github.com/vishvananda/[email protected]	environment, filesystem, network, shell, unsafe	0	1.17 MB
golang/golang.org/x/[email protected] 🔁 golang/golang.org/x/[email protected]	None	0	9.39 MB
golang/golang.org/x/[email protected] 🔁 golang/golang.org/x/[email protected]	None	0	44.9 kB

View full report↗︎

[gitguardian]

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

---

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

[filiptronicek]

Looks great. Had one blocking comment I left regarding permissions on Slack and some non-blocking ones.

I couldn't get the preview environment to load now, so couldn't test the end-to-end dockerd integration, hence this is just a code review.

[filiptronicek]

Works like a charm. Feel free to unhold after looking at the rest of the review comments I left 🚀

[geropl]

/unhold